IN THE CLAIMS:

1. (currently amended) A method comprising: 
having an identity authenticated in a first system; 

a second system causing a key to be generated for use in the second system; 
the second system generating a certificate for the key; and 

establishing the identity of the user in the second system by signing the certificate for 
the key using the authenticated identity of the user in the first system, 

wherein the certificate for the key for use in the second system contains one or more 
usage limitations, at least including a temporal limit on usage, and 

wherein the temporal limit requires that once a session on the second system is 
completed, the certificate or a corresponding key is destroyed.

2. (original) A method as defined in claim 1, wherein the key is generated by the second 
system. 

3. (original) A method as defined in claim 1, wherein the key is generated by the first 
system. 

4. (original) A method as defined in claim 1, further comprising the step of: a third party 
communicating with the user of the second system and verifying the user of the second system 
by the authenticated identity of the user of the first system. 

5. (original) A method as defined in claim 4, wherein the third party is a server. 



Application Serial No. 10/090,422 
Attorney Docket No. 944-005.002 



6. (original) A method as defined in claim 4, wherein the key comprises a private-public 
key pair and where the certificate includes the public key of the key pair. 

7. (original) A method as defined in claim 6, wherein the certificate further includes an 
identity which is the same as the authenticated identity of the user of the first system.

8. (original) A method as defined in claim 7, where the authenticated identity of the user 
in the first system comprises a private-public key pair and a certificate issued by a Certification 
Authority certification authority, and where the signing of the second system generated
certificate is by hashing at least some data in the certificate to obtain a hash value, encrypting 
this hash value using the private key of the first system private-public key pair, and adding the 
encrypted hash value to the certificate. 

9. (original) A method as defined in claim 8, wherein the private key of first system 
private-public key pair is stored in a wireless identity module. 

10. (original) A method as defined in claim 9, wherein the private key of the first system 
is accessed by entry of a password. 

11. (currently amended) A method as defined in claim 6, where the identity of the user in 
the first system comprises a private-public key pair and an associated certificate issued by a 
Certification Authority certification authority.

12. (original) A method as defined in claim 11, wherein the private key of first system 
private-public key pair is stored in a wireless identity module. 
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13. (original) A method as defined in claim 12, wherein the private key of the first system 
is accessed by entry of a password. 

14. (currently amended) A method as defined in claim 1, wherein the authenticated identity 
of the user of the first system forming at least part of the signing of the certificate for the key 
for use in the second system includes encryption of data with the private key of the user of the 
first system, wherein the identity of the user of the first system is certified by a Certification 
Authority certification authority through a corresponding public key for the user of the first 
system. 

15. (original) A method as defined in claim 14, wherein prior to signing the certificate for 
the key for use in the second system, the user of the first system obtains access to its private 
key by entry of a password. 

16. (original) A method as defined in claim 15, wherein the password is a personal 
identification number. 

17. (original) A method as defined in claim 1, wherein the certificate for the key includes 
the full certification tree for the key, said full certification tree including a certificate of the 
first system for the user of the first system. 

18. (original) A method as defined in claim 1, wherein the first system is a wireless 
communication system. 
19. (original) A method as defined in claim 18, wherein the second system is a computer
connected to the Internet.

20. (original) A method as defined in claim 17, wherein the second system uses a security 
protocol for establishing a secure session. 

21. (currently amended) A method as defined in claim 20, wherein the security protocol is
selected from the group consisting of transport layer security, internet protocol security 
protocol and secure socket layer Transport Layer Security, IP Security Protocol and Secure
Socket Layer.

22. (currently amended) A method as defined in claim 20, wherein the wireless 
communication system uses a wireless identity module (WIM) in an associated wireless device 
of the user of the first system for establishing the identity of the user of the first system. 

23. (currently amended) A method as defined in claim 22, wherein the wireless identity 
module (WIM) contains a private key of the user of the first system and wherein a 
corresponding public key of the user of the first system is certified by a Certification Authority 
certification authority.

24. (currently amended) A method as defined in claim 1, wherein the certificate for the 
key for use in the second system contains one or more usage limitations session is a secure 
socket layer session.
25. (currently amended) A method as defined in claim 24 claim 1, wherein one usage
limitation is that a third party of the second system should accept the key for use in the second 
system only for certain types of operations. 

26. (original) A method as defined in claim 25, wherein an accepted operation is the use of 
the key for use in the second system for encryption of data but not for signature verification. 

27. (original) A method as defined in claim 1, where the certificate does not contain the 
identity of the user associated with the user generated key, and where the signing of the 
certificate using the authenticated identity of the user of the first system includes appending the 
full certification tree of the first user to the user generated key. 

28. (original) A method as defined in claim 1, where the first and second users are the 
same entity. 

29. (currently amended) A method of authenticating a user in a network environment 
where the user has an authenticated identity not associated with said network environment,

comprising: 

generating a key for use in the network a network environment by a user having an 
authenticated identity not associated with said network environment;
generating a certificate for the key; and 

establishing the identity of the user in said network environment by signing the 
certificate for the key using the user's authenticated identity, 

wherein the certificate for the key for use in the network environment contains one or 
more usage limitations, at least including a temporal limit on usage, and 
wherein the temporal limit requires that once a session on the second system is
completed, the certificate or a corresponding key is destroyed.

30. (currently amended) A system for authenticating a user of a second system where the 
user has an authenticated identity in a first system, comprising:

a device forming part of the second a second system, the device having means for 
causing a key to be generated for use in the second system by a user having an authenticated 
identity in a first system,

said device of the second system having means for generating a certificate for the key; 

and 

a second device forming part of the first system, the second device having means for 
storing information regarding the authenticated identity of the user in the first system, 

said second device further having means for communicating said information; and 
wherein the device of the second system has means for receipt of said information from 
the second device, and further has means for establishing the identity of the user in the second 
system by signing the certificate for the key using the authenticated identity of the user in the 
first system, 

wherein the certificate for the key for use in the second system contains one or more 
usage limitations, at least including a temporal limit on usage, and 

wherein the temporal limit requires that once a session on the second system is 
completed, the certificate or a corresponding key is destroyed.

31. (original) A system as defined in claim 30, wherein the device of the second system
further comprises means for generating said key. 
32. (original) A system as defined in claim 30, wherein the second device forming part of
the first system further comprises means for generating said key. 

33. (original) A system as defined in claim 30, wherein a third party communicates with 
the user of the second system, said third party communicating via a third device, said third 
device having means for verifying the user of the second system by the authenticated identity 
of the user of the first system. 

34. (original) A system as defined in claim 33, wherein the third device is a server. 

35. (original) A system as defined in claim 30, wherein the key comprises a private-public 
key pair and where the certificate includes the public key of the key pair. 

36. (original) A system as defined in claim 35, wherein the certificate further includes an 
identity which is the same as the authenticated identity of the user of the first system. 

37. (currently amended) A system as defined in claim 36, where the authenticated identity 
of the user in the first system comprises a private-public key pair and a certificate issued by a 
Certification Authority certification authority, and where the means for signing the second
system generated certificate is by encrypting this second system generated certificate using the 
private key of the first system private-public key pair. 

38. (original) A system as defined in claim 37, wherein the private key of the first system 
private-public key pair is stored in a wireless identity module forming part of the second 
device. 
39. (original) A system as defined in claim 38, wherein the second device includes means
for user entry of information, wherein the private key of the first system is accessed by entry 
of a password via said user entry means. 

40. (currently amended) A system as defined in claim 35, where the identity of the user in 
the first system comprises a private-public key pair and an associated certificate issued by a 
Certification Authority certification authority.

41. (original) A system as defined in claim 40, wherein the private key of the first system 
private-public key pair is stored in a wireless identity module forming part of the second 
device. 

42. (original) A system as defined in claim 41, wherein the private key of the first system 
is accessed by entry of a password. 

43. (currently amended) A system as defined in claim 30, where the user of the first 
system authenticated identity includes a private-public key pair, where the identity of the user 
of the first system is certified by a Certification Authority certification authority through a 
corresponding public key for the user of the first system, and wherein the means for signing 
the certificate includes signing the certificate for the key for use in the second system by 
encryption of data with the private key of the user of the first system. 

44. (original) A system as defined in claim 43, wherein the second device includes means 
for user entry of information, and wherein the user of the first system obtains access to its 
private key by entry of a password via said user entry means. 
45. (original) A system as defined in claim 44, wherein the password is a personal
identification number. 

46. (original) A system as defined in claim 30, wherein the certificate for the key includes 
the full certification tree for the key, said full certification tree including a certificate of the 
first system for the user of the first system. 

47. (original) A system as defined in claim 30, wherein the first system is a wireless 
communication system. 

48. (original) A system as defined in claim 47, wherein the second system is a computer 
connected to the Internet. 

49. (original) A system as defined in claim 44, wherein the second system uses a security 
protocol for establishing a secure session. 

50. (currently amended) A system as defined in claim 49, wherein the security protocol is 
selected from the group consisting of transport layer security, internet protocol security 
protocol and secure socket layer Transport Layer Security; IP Security Protocol and Secure 
Socket Layer.

51. (currently amended) A system as defined in claim 49, wherein the second device 
forming part of the wireless communication system includes a wireless identity module (WIM) 
for storing information used to establish the identity of the user of the first system. 
52. (currently amended) A system as defined in claim 51, wherein the wireless identity
module (WIM) contains a private key of the user of the first system and wherein a 
corresponding public key of the user of the first system is certified by a Certification Authority 
certification authority.

53. (currently amended) A system as defined in claim 30, wherein the certificate for the 
key for use in the second system contains one or more usage limitations session is a secure 
socket layer session. 

54. (original) A system as defined in claim 53, wherein one usage limitation is that a third 
party of the second system should accept the key for use in the second system only for certain 
types of operations. 

55. (original) A system as defined in claim 54, wherein an accepted operation is the use of 
the key for use in the second system for encryption of data but not for signature verification. 

56. (previously presented) A system as defined in claim 30, where the certificate does not 
contain the identity of the user associated with the user generated key, and where the means for 
signing of the certificate using the authenticated identity of the user of the first system 
including appending the full certification tree of the first user to the user generated key. 

57. (original) A system as defined in claim 30, where the first and second users are the 
same entity. 

58. CANCEL. 






59. CANCEL 

60. (currently amended) A wireless device for use in authenticating a user of a second
system where the user has an authenticated identity in a first system associated with the 
wireless device, wherein the second system includes a device having means for causing a key
to be generated for use in the second system, means for generating a certificate for the key,
and means for transferring the certificate to another device; 

wherein the wireless device comprises comprising:

means for storing information regarding an authenticated identity of a user in a first 
system associated with the wireless device the authenticated identity of the user in the first 
system;

means for receipt of the certificate a certificate from [[the]] a second device that is part 
of a second system, the certificate being for a key that is for use in the second system; and

means for establishing the identity of the user in the second system by signing the 
certificate using the authenticated identity of the user in the first system and transferring the 
signed certificate to the device of the second system,

wherein the certificate for the key for use in the second system contains one or more 
usage limitations, at least including a temporal limit on usage, and 

wherein the temporal limit requires that once a session on the second system is 
completed, the certificate or a corresponding key is destroyed.

61. (original) A wireless device as defined in claim 60, wherein the second device includes 
means for generating the key to be used in said second system. 

62. (original) A wireless device as defined in claim 60 claim 56, wherein the wireless
device further comprises means for generating the key to be used in the second system. 




63. (currently amended) A wireless device as defined in claim 60, where the authenticated 
identity of the user in the first system comprises a private-public key pair and a certificate 
issued by a Certification Authority certification authority , and where the means for signing the 
second system generated certificate is by encrypting this second system generated certificate 
using the private key of the first system private-public key pair, wherein the wireless device
includes a wireless identity module for storing said private key of the first system private- 
public key pair. 

64. (original) A wireless device as defined in claim 63, wherein the wireless device 
includes means for user entry of information, wherein the private key of the first system is 
accessed by entry of a password via said user entry means. 

65. (currently amended) A program stored on a computer readable medium for execution 
by a processor, the program having code for: for implementing the authentication of a user of 
a second system where the user has an authenticated identity in a first system, further
comprising:

a device forming part of the second system, the device having program code stored in
said computer readable medium for generating a key for use in the second system,

said device of the second system having program code stored in said computer readable
medium for generating a certificate for the key; and 

a second device forming part of the first system, the second device having program
code stored in said computer readable medium for storing the authenticated identity of the user 
in the first system; and 

wherein the second device has program code stored in said computer readable medium 
for establishing the identity of the user in the second system by signing the certificate generated 
by the device of the second system using the information regarding the authenticated identity of
the user in the first system and transferring the signed certificate to the device of the second
system, 

generating a key for use in a network environment by a user having an authenticated 
identity not associated with said network environment; 
generating a certificate for the key; and 

establishing the identity of the user in said network environment by signing the 
certificate for the key using the user's authenticated identity, 

wherein the certificate for the key for use in the network environment contains one or 
more usage limitations, at least including a temporal limit on usage, and 

wherein the temporal limit requires that once a session on the second system is 
completed, the certificate or a corresponding key is destroyed.

66. (new) A wireless device comprising: 

storage module configured to store information regarding an authenticated identity of a 
user in a first system associated with the wireless device; 

receiving module, configured to receive a certificate from a second device that is part 
of a second system, the certificate being for a key that is for use in the second system; and 

signing module configured to establish the identity of the user in the second system by 
signing the certificate using the authenticated identity of the user in the first system and 
transferring the signed certificate to the device of the second system, 

wherein the certificate for the key for use in the second system contains one or more 
usage limitations, at least including a temporal limit on usage, and 

wherein the temporal limit requires that once a session on the second system is 
completed, the certificate or a corresponding key is destroyed. 
67. (new) A wireless device as defined in claim 66, wherein the second device
includes a generating module configured to generate the key to be used in said second system. 